Wagering game machines, such as slot machines, video poker machines and the like, have been a cornerstone of the gaming industry for several years. Generally, the popularity of such machines depends on the likelihood (or perceived likelihood) of winning money at the machine and the intrinsic entertainment value of the machine relative to other available gaming options. Where the available gaming options include a number of competing wagering game machines and the expectation of winning at each machine is roughly the same (or believed to be the same), players are likely to be attracted to the most entertaining and exciting machines. Shrewd operators consequently strive to employ the most entertaining and exciting machines, features, and enhancements available because such machines attract frequent play and hence increase profitability to the operator.
Because wager gaming involves large monetary sums, the industry is heavily regulated by government agencies and the like. Regulators attempt to keep wager gaming fair, and protect the public and casinos from cheating. In some regulatory jurisdictions, regulators perform verification testing on wagering game machine components. For example, regulators may examine (e.g., in the field) a machine's Basic Input/Output System (BIOS) to ensure that it has not been modified since receiving regulatory approval. Modified BIOS code may perform rogue operations that facilitate cheating. As a result, regulators may confiscate or otherwise deactivate machines that have been modified.
Some wagering game machines take additional measures to ensure that no components have been modified. Some wagering game machines establish a chain of trust for all code being executed on the machine. The machines can include processors, chipsets, nonvolatile memory storing BIOS, etc. The BIOS includes code executed as part of the wagering game machine's boot-up process. In wager gaming environments, the BIOS code may be stored in write-protected nonvolatile memory to prevent the code from being modified, deleted, etc.
This nonvolatile memory containing the BIOS code typically resides on a carrier board (also known as a motherboard, system printed circuit board, baseboard, main board, etc.). In some instances, the nonvolatile memory (including the BIOS code) resides in a socket on the carrier board. The nonvolatile memory can be removed from the socket for independent authentication of its contents (e.g., BIOS code). For example, the nonvolatile memory can be placed in a trusted verification device for verification (e.g., verification devices can include devices manufactured by Kobetron Inc. of Navarre, Fla., Gaming Laboratories International Inc. (GLI) of Toms River, N.J., Dataman Programmer Ltd. of Orange City, Fla., etc.). The trusted verification device can then produce a digital signature based on the data that is stored therein. This device can compare the digital signature to a known valid digital signature. Once authenticated, the BIOS code is the beginning of a chain of trust.
This authentication by a trusted verification device can occur at different times. For example, regulators can perform authentication when the wagering game machine is initially installed, at different times in the field, etc. Thus, regulators may manually remove the nonvolatile memory to authenticate the BIOS. In another example, this authentication can be required after a certain level of win—a big win. A big win can be defined relative to any monetary amount and can vary between different types of wagering game machines. For example, a big win on wagering game machine A can be $10,000, and a big win on wagering game machine B can be $25,000. An authentication after a big win can help ensure that no person or program has tampered with or altered this chain of trust in the wagering game machine to illegally obtain the win.
As noted, some gaming regulations call for authentication of BIOS code. As the number of different wagering game machine component configurations increases, so increases the number of BIOS configurations. If the BIOS and its associated digital signatures were different for every different component configuration, the authentication process would be cumbersome and slow, as regulators would need to look up unique digital signatures for each different configuration.